16 matches found
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Discarded command completions in internal errors. Fixed the use of “free” after memory deallocation when FW completions occur while the device is in an internal error state. Avoid calling the completion handler in th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
kernel: net/mlx5: Discard command completions in internal error
A use-after-free vulnerability has been discovered in the Linux kernel within the drivers/net/ethernet/mellanox/mlx5/core/cmd.c component, specifically related to the Mellanox network driver. This flaw can lead to compromised system availability. Successful exploitation could result in...
CVE-2024-50147 net/mlx5: Fix command bitmask initialization
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGEPAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGEPAGES. In addition,...
kernel: net/mlx5: Discard command completions in internal error
A use-after-free vulnerability has been discovered in the Linux kernel within the drivers/net/ethernet/mellanox/mlx5/core/cmd.c component, specifically related to the Mellanox network driver. This flaw can lead to compromised system availability. Successful exploitation could result in...
SUSE CVE-2024-38555
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command...
UBUNTU-CVE-2024-38555
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command...
CVE-2024-38555
CVE-2024-38555: In the Linux kernel, the net/mlx5 driver fixes a use-after-free by discarding FW command completions arriving during an internal error state. The patch prevents calling the completion handler when the device will flush the command interface, avoiding use-after-free/refcount underf...
CVE-2024-38555
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command...
SUSE CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
DEBIAN-CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
UBUNTU-CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
CVE-2021-47286 bus: mhi: core: Validate channel ID when processing command completions
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
PT-2024-11290 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns the Linux kernel, where the MHI Mobile Host Interface core does not properly validate channel IDs when processing command completions. This could lead to out-of-boun...
GSD-2021-1001234 bus: mhi: core: Validate channel ID when processing command completions
bus: mhi: core: Validate channel ID when processing command completions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.54 by commit...